const { expect } = require('chai') const RateLimiter = require('../../../app/src/infrastructure/RateLimiter') const UserHelper = require('./helpers/UserHelper') describe('PasswordUpdate', function() { let email, password, response, user, userHelper afterEach(async function() { await RateLimiter.promises.clearRateLimit( 'password_reset_rate_limit', '127.0.0.1' ) }) beforeEach(async function() { userHelper = new UserHelper() email = userHelper.getDefaultEmail() password = 'old-password' userHelper = await UserHelper.createUser({ email, password }) userHelper = await UserHelper.loginUser({ email, password }) await userHelper.getCsrfToken() }) describe('success', function() { beforeEach(async function() { response = await userHelper.request.post('/user/password/update', { form: { currentPassword: password, newPassword1: 'new-password', newPassword2: 'new-password' }, simple: false }) user = (await UserHelper.getUser({ email })).user }) it('should return 200', async function() { expect(response.statusCode).to.equal(200) }) it('should update the audit log', function() { expect(user.auditLog[0]).to.exist expect(typeof user.auditLog[0].initiatorId).to.equal('object') expect(user.auditLog[0].initiatorId).to.deep.equal(user._id) expect(user.auditLog[0].operation).to.equal('update-password') expect(user.auditLog[0].ipAddress).to.equal('127.0.0.1') expect(user.auditLog[0].timestamp).to.exist }) }) describe('errors', function() { describe('missing current password', function() { beforeEach(async function() { response = await userHelper.request.post('/user/password/update', { form: { newPassword1: 'new-password', newPassword2: 'new-password' }, simple: false }) user = (await UserHelper.getUser({ email })).user }) it('should return 500', async function() { expect(response.statusCode).to.equal(500) }) it('should not update audit log', async function() { expect(user.auditLog[0]).to.not.exist }) }) describe('wrong current password', function() { beforeEach(async function() { response = await userHelper.request.post('/user/password/update', { form: { currentPassword: 'wrong-password', newPassword1: 'new-password', newPassword2: 'new-password' }, simple: false }) user = (await UserHelper.getUser({ email })).user }) it('should return 400', async function() { expect(response.statusCode).to.equal(400) }) it('should not update audit log', async function() { expect(user.auditLog[0]).to.not.exist }) }) describe('newPassword1 does not match newPassword2', function() { beforeEach(async function() { response = await userHelper.request.post('/user/password/update', { form: { currentPassword: password, newPassword1: 'new-password', newPassword2: 'oops-password' }, json: true, simple: false }) user = (await UserHelper.getUser({ email })).user }) it('should return 400', async function() { expect(response.statusCode).to.equal(400) }) it('should return error message', async function() { expect(response.body.message).to.equal('Passwords do not match') }) it('should not update audit log', async function() { expect(user.auditLog[0]).to.not.exist }) }) describe('new password is not valid', function() { beforeEach(async function() { response = await userHelper.request.post('/user/password/update', { form: { currentPassword: password, newPassword1: 'short', newPassword2: 'short' }, json: true, simple: false }) user = (await UserHelper.getUser({ email })).user }) it('should return 400', async function() { expect(response.statusCode).to.equal(400) }) it('should return error message', async function() { expect(response.body.message).to.equal('password is too short') }) it('should not update audit log', async function() { expect(user.auditLog[0]).to.not.exist }) }) }) })